ionos-cloud / terraform-provider-ionoscloud

The IonosCloud Terraform provider gives the ability to deploy and configure resources using the IonosCloud APIs.
Mozilla Public License 2.0

Not able to define inline multiple primary nic firewall rules #392

Closed sfuhrm closed 1 year ago

sfuhrm commented 1 year ago

Description

This feels more like a design problem than a software bug. The ionoscloud_server server contains sub-definitions for nic, and the nic contains a sub-definition for firewall. Unfortunately the firewall is only able to contain one single firewall rule:

resource "ionoscloud_server" "example" {
...
    nic {
        lan               = ionoscloud_lan.mylan.id
        name              = "system"
        dhcp              = true
        firewall_active   = true
        firewall_type     = "INGRESS"
        ips               = [ ionoscloud_ipblock.myip.ips[0] ]
        firewall {
          protocol         = "TCP"
          port_range_start = 22
          port_range_end   = 22
        }
    }
}

Expected behavior

The expected behaviour would be to either be able to add additional separate firewall objects that can refer to the server's nic, or specify an array of firewall objects in the server.

resource "ionoscloud_server" "example" {
...
    nic {
        lan               = ionoscloud_lan.mylan.id
        name              = "system"
        dhcp              = true
        firewall_active   = true
        firewall_type     = "INGRESS"
        ips               = [ ionoscloud_ipblock.myip.ips[0] ]
        firewall [ {
          protocol         = "TCP"
          port_range_start = 22
          port_range_end   = 22
        }, {
          protocol         = "TCP"
          port_range_start = 80
          port_range_end   = 80
        } ]
    }
}

Environment

Terraform version:

Terraform v1.4.6

Provider version:

+ provider registry.terraform.io/ionos-cloud/ionoscloud v6.3.6

OS:

Debian 11

Additional notes

It is possible to attach firewall rules to a server by using ionoscloud_firewall resources:

resource "ionoscloud_firewall" "example" {
    datacenter_id         = ionoscloud_datacenter.terraform_1.id
    server_id             = ionoscloud_server.example.id
    nic_id                = ionoscloud_server.example.nic[0].id
    protocol              = "ICMP"
...
    icmp_type             = 1
    icmp_code             = 8
    type                  = "INGRESS"
}

References

cristiGuranIonos commented 1 year ago

Currently you cannot define multiple inline firewall rules for a server, but we are working on enabling that, hopefully in the next release.

cristiGuranIonos commented 1 year ago

Should be fixed in v6.4.5
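
The workaround from the issue's "Additional notes", extended to the two TCP ports of the "Expected behavior" snippet, as an added example that is not part of the original thread or the provider's own code. It assumes `ionoscloud_datacenter.terraform_1` and `ionoscloud_server.example` exist as referenced in the issue; the local `ingress_rules`, the rule names and the source address are constructed for illustration.

```hcl
# Added example: several ingress rules on the server's primary nic via
# standalone ionoscloud_firewall resources, one per entry in a local map.
# Assumes the server's nic has firewall_active = true and
# firewall_type = "INGRESS", as in the issue.

locals {
  # Constructed rule set. source_ip = null leaves the source unrestricted;
  # 203.0.113.10 is a documentation address standing in for an admin host.
  ingress_rules = {
    ssh = {
      port      = 22
      source_ip = "203.0.113.10"
    }
    http = {
      port      = 80
      source_ip = null
    }
  }
}

resource "ionoscloud_firewall" "ingress_tcp" {
  for_each = local.ingress_rules

  datacenter_id    = ionoscloud_datacenter.terraform_1.id
  server_id        = ionoscloud_server.example.id
  nic_id           = ionoscloud_server.example.nic[0].id

  name             = "allow-${each.key}"
  protocol         = "TCP"
  type             = "INGRESS"
  port_range_start = each.value.port
  port_range_end   = each.value.port
  source_ip        = each.value.source_ip
}
```

If the server keeps an inline `firewall` block for port 22, drop the `ssh` entry from the map so the same port is not managed in two places.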